Eduroam is another popular choice for educational organizations.

I know this post is really old, however, this is similar to my issue except that last week, any client could connect to my wireless network and this week they can not. The windows/android/iphone clients were able to connect with 802.1x verifying against a local, Aruba based database of one user name.

Since I had a hard deadline to get it up and running, it was only tested with Android and i OS, neither of which had any real problem.

We are perfectly willing to buy a certificate from Verisign, Thwarte, etc if it will help but have tried our Comodo wildcard SSL certificate which hasn't fixed it.

These machines belong to the end users so we can't easily control settings with group policy or registry hacks.

Ideally they should then provide their network credentials at connection time and be seamlessly connected.

It appears that the Subject Alt Name entry of the certificate must be set to the DNS used to reach the radius server.

We're deploying a wireless networking using Windows Server 2008 NAC as a RADIUS server.

When Windows XP or 7 clients connect they initally fail to connect.Only clients that have not disconnect from the network were still able to access it.This only happens with the 802.1x ssid (staff) and not with the PSK ssid (for guests).Not an ideal setup but your department will need to do the risk analysis.If you do go this route, make sure you document for CYA purposes.From a security standpoint the best option is setup a captive portal.